aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2010-11-16 06:52:49 -0500
committerDavid S. Miller <davem@davemloft.net>2010-11-17 13:54:35 -0500
commitee58681195bf243bafc44ca53f3c24429d096cce (patch)
tree938c3f2f2b6db4d43429c28f2ca67650e12829f1 /net/ipv4
parentda6836500414ae734cd9873c2d553db594f831e9 (diff)
network: tcp_connect should return certain errors up the stack
The current tcp_connect code completely ignores errors from sending an skb. This makes sense in many situations (like -ENOBUFFS) but I want to be able to immediately fail connections if they are denied by the SELinux netfilter hook. Netfilter does not normally return ECONNREFUSED when it drops a packet so we respect that error code as a final and fatal error that can not be recovered. Based-on-patch-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/tcp_output.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 05b1ecf36763..bb8f547fc7d2 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -2592,6 +2592,7 @@ int tcp_connect(struct sock *sk)
2592{ 2592{
2593 struct tcp_sock *tp = tcp_sk(sk); 2593 struct tcp_sock *tp = tcp_sk(sk);
2594 struct sk_buff *buff; 2594 struct sk_buff *buff;
2595 int err;
2595 2596
2596 tcp_connect_init(sk); 2597 tcp_connect_init(sk);
2597 2598
@@ -2614,7 +2615,9 @@ int tcp_connect(struct sock *sk)
2614 sk->sk_wmem_queued += buff->truesize; 2615 sk->sk_wmem_queued += buff->truesize;
2615 sk_mem_charge(sk, buff->truesize); 2616 sk_mem_charge(sk, buff->truesize);
2616 tp->packets_out += tcp_skb_pcount(buff); 2617 tp->packets_out += tcp_skb_pcount(buff);
2617 tcp_transmit_skb(sk, buff, 1, sk->sk_allocation); 2618 err = tcp_transmit_skb(sk, buff, 1, sk->sk_allocation);
2619 if (err == -ECONNREFUSED)
2620 return err;
2618 2621
2619 /* We change tp->snd_nxt after the tcp_transmit_skb() call 2622 /* We change tp->snd_nxt after the tcp_transmit_skb() call
2620 * in order to make this packet get counted in tcpOutSegs. 2623 * in order to make this packet get counted in tcpOutSegs.